Splunk Search

Community Activity

Strange behaviour when using dedup. I have this query which when I run, index=aws_config resourceType=TERM("AWS::EC2::Volume") \| search ARN="arn:aws:... by iet_ashish Explorer in Splunk Search 04-26-2020 0 2	0	2
Sendemail query: How to send email to individual owners with servers details, who's status is shown as "MISSING"? Hello, I have a resultant data like this: Server Name Status Location Owner Email Id A-Z1 ... by raomu Explorer in Splunk Search 04-26-2020 0 2	0	2
How can I use a combination of map and sendemail to include spaces in the field values? I have a search that uses the values in temp.csv file to generate an email for each row with specific values. Let's ... by stembot New Member in Splunk Search 04-26-2020 0 9	0	9
Passing search time restrictions from main search to subsearch and modifying it Let's say that I want a search to run the main search under the time picker selection and then run a join over one da... by landen99 Motivator in Splunk Search 04-25-2020 0 7	0	7
how to reverse the data in transaction ? Hi, I have some issue with transaction command. It works fine. but sometimes endswith pattern appear and startswith p... by graju89 Path Finder in Splunk Search 04-25-2020 0 1	0	1
Splunk Conditional Statement I am using below query where my A (0012ABC) Component is an alphanumeric and B is a string (ab) but its considering A... by sagartiwari New Member in Splunk Search 04-25-2020 0 2	0	2
field extraction after brackets value hi i have log file like below need to extact the section after first "]" to "[" or "." or ":" 2020-04-24 23:59:59,51... by indeed_2000 Motivator in Splunk Search 04-25-2020 0 2	0	2
Executing main search only if subquery satisfies the condition I have two searches which I am running by joining with appendcols and passed the result of subquery to main query. i... by bsaujla131984 Path Finder in Splunk Search 04-24-2020 0 3	0	3
Account_Name " - " ? I wanted to ask if anyone knew what this Account_Name "-" is ? I am seeing it in my attempted logins for disabled acc... by splunktrainingu Communicator in Splunk Search 04-24-2020 0 4	0	4
Average Stats intervals Hello, I am trying to get around the inefficiency of the transaction command by using stats. My goal is to correlate... by jasonmadesometh Explorer in Splunk Search 04-24-2020 0 1	0	1
How to make column values as headers in dashboard I have a table that looks like... CUSTOMER ADDRESS CONTACT A ... by rcndpatel Loves-to-Learn in Splunk Search 04-24-2020 0 1	0	1
Is there a way to sort and table Data for multi-value fields based on numeric values? I have two multivalue fields that are obtained off JSON object. One field has Name, one field has (numeric) Value. ... by xinlux01rhi Explorer in Splunk Search 04-24-2020 0 4	0	4
simplifying a (field extraction error) dashboard? Possible to use the results of the same search in multiple panels on the same dashboard, and with different visualiza... by mitag Contributor in Splunk Search 04-24-2020 0 1	0	1
A way to import an externally trained model into Splunk? Hi, I have a data model trained outside of Splunk using the K-means algorithm and sampled data-set. I haven't tried... by fatemabwudel Path Finder in Splunk Search 04-24-2020 0 2	0	2
how to create a record if missing exmaple below column1:column2 1:10 2:15 4:30 5:40 in this example, column1 is missing "3", i would like to create t... by jiaqya Builder in Splunk Search 04-24-2020 0 2	0	2
need help with UI based lookup wildcard/CIDR I recently noticed that the UI for lookup definitions now has an advanced checkbox. If I select that I get the optio... by MonkeyK Builder in Splunk Search 04-24-2020 0 4	0	4
How to add a conditional where based on the field existence? mvexpand metrics \| spath input=metrics \| rename "cityCode" as pcc \| where if($selected_pcc\|s$="all",like(pcc,"%"),lik... by jieli New Member in Splunk Search 04-24-2020 0 1	0	1
Data Model acceleration not working for 1 out of 5 event datasets I have one data model accelerated which contains 5 event datasets with simple fields conditions. Now when I try to ju... by harshpatel Contributor in Splunk Search 04-24-2020 1 5	1	5
How to check total logs size in MB being sent by a host Hey Guys, Our Netflow monitoring system shows that most of the bandwidth is being consumed by port 9997 coming from ... by splunktp Explorer in Splunk Search 04-24-2020 0 6	0	6
Eval expression field not working in data model. Here is my attempt to create a new field eval in datamodels (no results): Here is the same data, just not using the... by wgawhh5hbnht Communicator in Splunk Search 04-24-2020 0 7	0	7
Why is my Splunk REST API search not working and getting error "curl: (56) Failure when receiving data from the peer"? Hi, I have the following rest call on a new 6.4 environment, and it's coming back with error: curl: (56) Failure wh... by a212830 Champion in Splunk Search 04-24-2020 1 9	1	9
Extract the name of the current running alert search Hello, I have several alerts running on minute base and would like to know within the SPL of the currently running a... by damucka Builder in Splunk Search 04-24-2020 0 4	0	4
Field Extraction needed Hi, I need extraction on below data. Variations are many but I need a specific string extracted from each variation.... by mbasharat Builder in Splunk Search 04-23-2020 0 8	0	8
How to hide the minus character from the bar graph Hello, I have generated a bar graph which has values on both positive and negative sides of the x axis. Logically, t... by varshini_97 Path Finder in Splunk Search 04-23-2020 0 1	0	1
Join across multiple sources display all sources with values present or not Hello, I have query which joins across 4 sources and correlationid may or may not exists across all sources, I want t... by msrama5 Explorer in Splunk Search 04-23-2020 0 5	0	5